Using Continuous Threat Exposure Management to Enable Business Partnership 

This is Part 4 of our five-part series on Continuous Threat Exposure Management (CTEM). Effective cybersecurity is not just about defense; it’s about building trust and collaboration between security teams and business leaders. This blog examines how continuous CTEM enables stronger partnerships by aligning security initiatives with business priorities, turning cybersecurity into a strategic enabler. Learn how CTEM fosters confidence, drives shared goals and enhances organizational resilience. 

Introduction 

During my tenure as a CISO at a large healthcare organization, we encountered a significant challenge that underscored the critical importance of CTEM. A department specializing in oncology research had independently implemented a third-party cloud-based analytics platform to accelerate patient outcome modeling. This platform was entirely off IT’s radar and contained sensitive, protected health information (PHI). If a vulnerability in the platform’s software was exploited, it could have led to a breach, compromising the PHI of thousands of patients and jeopardizing the integrity of ongoing clinical trials. 

This weakness highlighted a systemic issue: IT and security lacked visibility into non-IT-managed systems, leaving gaps in our security posture. Had CTEM been in place, we could have proactively discovered the platform during an asset inventory, prioritized its vulnerabilities, and taken corrective actions before the breach occurred. This experience profoundly shaped my approach to enterprise cybersecurity and reinforced the need for a framework like CTEM, especially in highly regulated industries like healthcare. 

In most organizations, the CISO is responsible for protecting data and systems across the entire organization (in some cases, a product security officer may be responsible for security for systems developed and sold to customers), not just the core IT services that support the organization’s day-to-day operations. Adopting a Continuous Threat Exposure Management (CTEM) approach can not only provide insight into cybersecurity events but also protect other business units from their impact.   

Many organizations have complex business units with differing priorities to meet their goals. This could be finance, marketing, product development, human resources, professional services, sales, or information technology. All these business units will have software or systems vital to their operations and revenue. Many systems may be managed within the business unit without much IT oversight. IT may not know that the systems exist, especially if they are SaaS products using a web-based portal. With ports 80 and 443 allowing access to the internet, the IT department will only be aware of the SaaS if they are monitoring the destination or if they get a call from the support desk for assistance with the system.  

Utilizing CTEM incorporates the discovery of all systems into the approach and then prioritizes them based on importance to the business. A CISO and their team will need to understand who is running non-IT managed systems and will need to rank them based on overall enterprise impact appropriately. CTEM provides a framework that can be more readily explained to partners in other business units. The five basic steps of CTEM are identifying scope, discovering assets, prioritizing threats, validating and testing the likelihood of exploitation, and assigning resources to mitigate. This approach can not only give the CISO a way to manage limited resources. Still, it can also provide the leadership team a better picture of business risk and build relationships across business units. 

In my experience as a CISO, different business units may avoid working with IT because they do not see IT as having a role in the business mission or as adding friction or delays to system deployment. They may also see the CISO as an impediment to deployment or forcing controls that could limit the system's flexibility.  

Ultimately, the IT department will discover new systems or assets as they monitor the network or internet usage or receive requests for access to these systems. While the application may have snuck into the enterprise under the radar, the CISO is ultimately responsible for the security of all IT systems and data, so these systems would fall under that scope. 

CTEM provides the CISO and any business information security officers with a framework to discuss how the business unit’s system ranks in priority to the rest of the enterprise. The business unit may not know how their systems impact the rest of the organization and the bottom line. CTEM allows for open discussion between the CISO and the business unit about business goals, security, support, and business continuity. The approach can also help connect the business unit to other parts of the business that could benefit from adopting the system. The CISO serves as a connector for the organization and should be aware of the goals of the other business units and support services, thereby helping a business unit with future goals.  

The CISO should look at the CTEM approach as a tool for engagement with business units. While discovering, prioritizing, and mitigating threats, the CISO can explain how the security team and other IT resources may be allocated to help the business unit secure and ensure the availability of that unit’s system. Additionally, CTEM can give the business unit a better sense of its systems and how they fit into the organization's overall mission. By maintaining the CTEM approach and having complete knowledge, prioritization, and risk mitigation strategies in place, the business unit is going to be in a better position to achieve its goals, maintain the availability of systems, and help build and grow a strategy for the expansion of the business unit.  

Five Ways to use CTEM for Engagement 

CTEM provides a structured framework for managing cybersecurity risks while fostering collaboration and trust between the CISO and other business units. Below are the five steps of CTEM and practical tips for using them as tools for engagement: 

1. Identify scope 

Clearly defining the scope of CTEM efforts ensures that every business unit feels included in the process. Begin by understanding each department's goals—whether they relate to patient care, research, or administrative efficiency—and communicating how CTEM will support those objectives. 

Tip: Involve department leaders in scoping discussions to highlight how CTEM can align security measures with their priorities. 

2. Discover assets 

Many business units need IT oversight to adopt systems, leading to shadow IT. Use CTEM’s discovery phase to identify unknown systems and integrate them into security. Approach these discoveries as opportunities to support the business unit rather than as compliance failures. 

Tip: Frame the discovery process as a collaborative effort to protect business unit assets and improve reliability. 

3. Prioritize threats 

Work with business units to rank risks based on their potential impact on department-specific and enterprise-wide goals. For example, a research team may rely on a SaaS tool critical for compliance with clinical trial regulations, while billing systems may need protection to ensure revenue continuity. 

Tip: Share prioritized risk reports with business units to demonstrate how security decisions are made transparently and in their best interest. 

4. Validate risks 

Testing and validating the likelihood of exploitation helps build confidence in the CTEM process. This can provide business units with actionable insights about their systems and educate them on potential risks and solutions.  

Tip: Conduct risk validation sessions as collaborative workshops where teams can learn about threats and contribute ideas for mitigation strategies. 

5. Assign resources to mitigate 

Allocate resources to address the most critical risks while maintaining open communication with business units. Use CTEM to explain why certain systems receive priority and how this benefits the organization.  

Tip: Involve business units in resource allocation decisions to ensure their needs are considered and build buy-in for mitigation efforts. 

TAG’S Take 

CTEM is more than a cybersecurity framework; it’s a strategic asset that enables organizations to manage risks while fostering collaboration and trust across departments. By following the five steps of CTEM and leveraging them to engage with business units, CISOs can ensure their security teams protect the organization and contribute to its growth and success. In the healthcare industry and beyond, CTEM empowers leaders to build resilient systems, maintain compliance, and support innovation—all while strengthening relationships across the enterprise. 

About TAG

TAG is a trusted research and advisory group providing unbiased industry insights and recommendations on cybersecurity, artificial intelligence, sustainability, and related areas to Fortune 500 customers, government agencies, and commercial vendors. Founded in 2016, the company bucks the trend of pay-for-play research by offering in-depth research, market analysis, consulting, and personalized content based on thousands of engagements with clients and non-clients alike—all from a practitioner perspective.   

Copyright © 2024 TAG Infosphere, Inc. This report may not be reproduced, distributed, or shared without TAG Infosphere’s written permission. The material in this report is comprised of the opinions of the TAG Infosphere analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.